SALARY SURVEY – INFORMATION SECURITY – POLAND 2020

A project organized in cooperation between ISSA Polska and CSO Council


Dear CSO Council Members!

We are pleased to present the Salary Survey project in the area of Information Security, which we are organizing jointly with ISSA Polska.

If, as a survey participant, you have received a welcome message from us with additional information, please read it carefully.

The link to the survey will be available shortly.

Did not receive a welcome e-mail or an e-mail with a password, even though you signed up to take part in the survey? → Contact us at , and we will fix the problem.

Have questions? Please see the FAQ section → <link>


Best regards and thank you for taking part in the project,

ISSA Polska & CSO Council


Yes, I am interested in taking part in the survey and would like further information:

  1. WHAT IS THE PURPOSE OF THE SURVEY? WHAT DO WE WANT TO ACHIEVE?
    We want the survey results to be a valuable source of data for decision-making processes in our organizations. We are building a compilation based on a representative research group. We also want to show that sharing this kind of information within CSO Council can bring value to all of us.
  2. IS THE SURVEY ANONYMOUS?
    The data collection process is anonymous by design. At no stage of the process will the collected information be linked to a specific organization. We will also not ask for information that would compromise anonymity. For this reason, we also ask that you fill in the survey from 'neutral' internet connections, i.e. consumer public operators or mobile network connections. Regardless of this, the IP address from which the survey is completed will not be processed by the organizers in any way that compromises anonymity.
  3. INTRODUCTORY QUESTIONS – CITY
    The introductory questions serve to classify the salary declarations correctly and to allow proper analysis of the data later on. These are key questions that allow us to group the answers appropriately. The 'city' field – IMPORTANT – if your organization employs Information Security staff in more than one city in Poland, please fill in the survey multiple times, each time declaring the city that matches the salary data.
  4. I HAVE TROUBLE MAPPING A POSITION THAT EXISTS IN MY ORGANIZATION TO A POSITION IN THE SURVEY.
    The positions have been described in a way that makes it easier to identify the corresponding position in your organization. We understand that the specifics and diversity of many companies may make it difficult to map a position correctly. If the respondent is able to map a given position to a profile for the most part, this is considered a correct mapping. Please do not include salaries of positions for which such a mapping is not possible.
  5. CAN I FILL IN THE SURVEY MORE THAN ONCE?
    We kindly ask you to fill in the survey only once, apart from the exception described in question 3. We do not plan to introduce technical restrictions, but filling in the survey multiple times will reduce the representativeness of the results.
  6. HOW DO I CORRECTLY CALCULATE BASE SALARY?
    For the purposes of our analysis, base salary means the monthly gross salary for work, not including bonus and benefits.
  7. HOW DO I CORRECTLY CALCULATE THE BONUS?
    For the purposes of our analysis, the bonus value means the % of annual gross salary, assuming that basic job duties are fulfilled. The bonus is not a guaranteed payment.
  8. HOW DO I CORRECTLY DECLARE BENEFITS?
    Benefits are non-salary perks that are not components of base salary or bonus. The survey allows you to tick the two most popular benefits, i.e. a company car or its equivalent and a stock package or its cash equivalent. The respondent may also declare other benefits using the 'other' field. When declaring 'benefits', you do not quantify them as a monetary amount. Please also do not include low-value benefits that are currently commonplace, i.e. medical care, sports card and group insurance.
  9. WILL I HAVE ACCESS TO THE SURVEY RESULTS?
    Yes, the aggregated survey results together with the data analysis will be made available to all participants of the project.
  10. WILL I BE ABLE TO SHARE THE SURVEY RESULTS WITHIN MY COMPANY?
    Yes, we will make the survey results available without restrictions on their use in everyday work. Presenting the results in written form will only require acknowledging the source of the data.
List of positions in English

Roles listing:

Name | Job type
SOC Analyst | Alerts and incident handling within Security Operations Center
Digital Forensics Analyst / Threat Hunter / Malware Analyst | Analysis of potential and actual data breaches
Pentester / Red Team / Offensive Security | Finding and reporting system weaknesses
Security Analyst / Security Engineer | Planning, implementing and maintaining IT security controls
Governance, Risk, Compliance Analyst / Auditor | Risk assessment, policy and standards building, maintenance and auditing
Security Officer | SME for supported business, projects &/or incidents handling/oversight
Security Manager | Managing team of experts, escalation point, liaison between staff and upper management
Director | Program &/or function management, cross-country scope, relationship with the business
CISO | Owning security strategy, ensuring its alignment to business goals, responding to the board

The following are examples of activities, qualifications and experience. They are not exhaustive and may vary substantially depending on company scale, industry, country of origin, etc.


SOC Analyst
Job type: Alerts and incident handling within Security Operations Center
Typical experience in role:
  • Level 1: 0-2 years
  • Level 2: 3-5 years
  • Level 3: 5+ years
Main activities
  • Monitors SIEM alerts
  • Manages and configures security monitoring tools
  • Prioritizes alerts or issues and performs triage to confirm a real security incident is taking place
  • Receives incidents and performs deep analysis
  • Correlates with threat intelligence to identify the threat actor, nature of the attack and systems or data affected
  • Decides on strategy for containment, remediation and recovery and acts on it
  • Day-to-day, conducts vulnerability assessments and penetration tests, and reviews alerts, industry news, threat intelligence and security data.
  • Actively hunts for threats that have found their way into the network, as well as unknown vulnerabilities and security gaps. When a major incident occurs, joins the Tier 2 Analyst in responding and containing it.
Qualification required
  Level 1:
  • System administration skills
  • Web programming languages, scripting languages
  • Security certifications such as CISSP, CEH
  Level 2:
  • Similar to Tier 1 analyst but with more experience including incident response. Advanced forensics, malware assessment, threat intelligence. White-hat hacker certification or training is a major advantage.
  Level 3:
  • Similar to Tier 2 analyst but with even more experience including high-level incidents. Experience with penetration testing tools and cross-organization data visualization. Malware reverse engineering, experience identifying and developing responses to new threats and attack patterns.
Digital Forensics Analyst / Threat Hunter / Malware Analyst
Job type: Analysis of potential and actual data breaches
Typical experience in role:
  • Junior: 0-2 years
  • Middle: 3-5 years
  • Senior: 5+ years
Main activities
  • Identify unknown threats through threat hunting services
  • Conduct data breach and security incident investigations
  • Recover and examine data from computers and electronic storage devices
  • Dismantle and rebuild damaged systems to retrieve lost data
  • Identify additional systems/networks compromised by cyber attacks
  • Compile evidence for legal cases
  • Draft technical reports, write declarations and prepare evidence for trial
  • Give expert counsel to attorneys about electronic evidence in a case
  • Advise law enforcement on the credibility of acquired data
  • Support the investigation and contribution to large and small scale computer security breaches
  • Through review and analysis of cyber threats, provide both internal & external parties key information to respond to threat.
  • Work on improvements for provided security services, including the continuous enhancement of existing methodology material and supporting assets
  • Work with law enforcement and business partnerships internationally to investigate cyber crime and threat actors.
  • Collaborate with Business Partners in Risk & Fraud on cases, providing technical investigative capabilities.
  • Interact with and assist other investigative teams within Visa on time-sensitive, critical investigations.
  • Participate as part of a close team of technical specialists on coordinated responses and subsequent remediation of security incidents.
Qualification required
  • Operating systems (Windows/Unix)
  • Programming skills
  • Network skills, including TCP/IP-based network communications
  • Computer hardware and software systems
  • Operating system installation, patching and configuration
  • Backup and archiving technologies
  • Cryptography principles
  • eDiscovery tools
  • Forensic software applications
  • Cloud computing
  • Big data analytics skills
  • Strong knowledge of malware families and network attack vectors.
  • Strong knowledge of Linux, Windows system internals.
  • Strong knowledge of web applications and APIs
Pentester / Red Team / Offensive Security
Job type: Finding and reporting system weaknesses
Typical experience in role:
  • Junior: 0-2 years
  • Middle: 3-5 years
  • Senior: 5+ years
Main activities
  • Perform formal penetration tests on web-based applications, networks and computer systems
  • Conduct physical security assessments of servers, systems and network devices
  • Probe for vulnerabilities in web applications, fat/thin client applications and standard applications
  • Pinpoint methods that attackers could use to exploit weaknesses and logic flaws
  • Employ social engineering to uncover security holes (e.g. poor user security practices or password policies)
  • Research, document and discuss security findings with management and IT teams
  • Work on improvements for security services, including the continuous enhancement of existing methodology material and supporting assets
  • Provide feedback and verification as an organization fixes security issues
  • Design and create new penetration tools and tests
  • Review and define requirements for information security solutions
Qualification required (Junior):
  • Operating systems (Windows/Unix)
  • Programming skills
  • Network servers and networking tools
  • Computer hardware and software systems
  • Web-based applications
  • Cryptography principles
In addition (Middle):
  • Vulnerability analysis and reverse engineering
  • Security frameworks
  • Security tools and products
  • Metasploit framework
  • Forensics tools
In addition (Senior):
  • Ability to perform and coordinate system wide assessments
  • Reporting issues in management language
  • Certifications, such as OSCP, etc.
Security Analyst / Security Engineer
Job type: Planning, implementing and maintaining (mainly) IT security controls
Typical experience in role:
  • Junior: 0-2 years
  • Middle: 3-5 years
  • Senior: 5+ years
Main activities
  • Maintain data and monitor security access
  • Perform vulnerability testing, risk analyses and security assessments
  • Manage network, intrusion detection and prevention systems
  • Deliver technical reports and formal papers on test findings
  • Maintain and operate cybersecurity technology and provide expertise in area of focus
  • Provide awareness and guidance within Company's community on secure business processes, architecture design, and technical controls
  • Monitor and report on the effectiveness of information security controls and compliance with information security policies.
  • Develop automation scripts to handle and track incidents
  • Analyze security breaches to determine their root cause
  • Supervise changes in software, hardware, facilities, telecommunications and user needs
  • Create new ways to solve existing production security issues
  • Collaborate with colleagues on authentication, authorization and encryption solutions
  • Evaluate new technologies and processes that enhance security capabilities
  • Test security solutions using industry standard analysis criteria
  • Respond to information security issues during each stage of a project’s lifecycle
  • Train fellow employees in security awareness and procedures
  • Analyze and advise on new security technologies and program conformance
  • Configure and install firewalls and intrusion detection systems
Qualification required (Junior):
  • Operating systems (Windows/Unix)
  • Programming skills
  • Network skills, including TCP/IP-based network communications
  • Computer hardware and software systems
In addition (Middle):
  • DLP, anti-virus and anti-malware
  • TCP/IP, computer networking, routing and switching
  • Windows, UNIX and Linux operating systems
  • Network protocols and packet analysis tools
  • C, C++, C#, Java or PHP programming languages
  • Cloud computing
In addition (Senior):
  • Understanding of rules and regulations pertaining to IT Security and Data Protection
  • ISO 27001/27002 standards plus ITIL and COBIT frameworks knowledge
Governance, Risk, Compliance Analyst / Auditor
Job type: Risk assessment, policy and standards building, maintenance and auditing
Typical experience in role:
  • Junior: 0-2 years
  • Middle: 3-5 years
  • Senior: 5+ years
Main activities
  • Implement, maintain, and oversee an effective technology risk oversight framework. Leverage knowledge of the industry, technologies, and product types to ensure effective management of risk
  • Actively identify, assess, respond and escalate risks. Identify gaps and inform solutions identified resulting from inadequate internal processes, systems or human errors
  • Participate in presentations and workshop sessions on Cybersecurity risk management activities, process analysis, risk identification, assessment, control, and mitigation
  • Conduct internal and external security audits
  • Serve as a liaison, collaborating and interfacing with risk partners and other second-line enterprise risk management functions to drive meaningful technology-risk reductions and escalation of risks, as needed.
  • Comprehensively assess risks and gather insights from issues and events across technology business areas to provide an aggregated risk assessment. Design, implement, and/or influence internal governance processes (includes reporting, issue management, policy/standard review, risk identification, risk assessments, and risk monitoring).
  • Review technology and risk management processes; examine documentation and flow to identify ways to improve and streamline risk mitigation processes. Where required by internal policies or external agencies, develop documentation of reports. This also includes developing, contributing to, and monitoring metrics and reporting (e.g., management reporting, internal reporting, etc.).
  • Directly confer with business unit management and staff by scoping business problems, analyzing processes, risk exposure and sharing lessons learned. Identify problem drivers
  • Partner with second-line risk management functions to help ensure proper execution of established frameworks, policies, standards, strategies (including risk appetite, RCSA).
Qualification required (Junior):
  • Knowledge of IT Security hardware, software and solutions
  • Understanding of rules and regulations pertaining to IT Security and Data Protection
  • ISO 27001/27002 standards plus ITIL and COBIT frameworks knowledge
  • Experience using computer operating systems such as MS Windows, UNIX/Linux
In addition (Middle):
  • Database platforms
  • Data analysis software
  • Network penetration and testing tools
  • Hardware and software firewalls and intrusion detection protocols
In addition (Senior):
  • Ability to perform and coordinate company wide audits
  • Reporting issues in management language
  • Relevant certifications


Security Officer
Job type: SME for supported business, projects &/or incidents handling/oversight
Typical experience in role: 0-5 years
Main activities
  • Serves as subject matter expert for guidance, direction, and oversight for company’s information security policies.
  • Serves as project manager or project leader for information security projects
  • Serves as the subject matter expert for providing technical expertise and support for security software.
  • Manages and oversees the processes and outcomes for multiple interrelated security incidents, recoveries, breaches, intrusions, and system abuses. Ensures security incidents are resolved timely and appropriately.
  • May lead and conduct multiple, complex and inter-dependent risk analyses of company’s information security architecture, focusing on threats and vulnerabilities affecting company’s hardware and software components, with the objective of proactively mitigating threats throughout our infrastructure.
Qualification required
  • Must possess strong knowledge of business, information security and/or computer science
  • CISSP &/or CISA &/or other certifications are welcome

Security Manager
Job type: Managing team of experts, escalation point, liaison between staff and upper management
Typical experience in role: 5+ years
Main activities
  • Manage a diverse team of security administrators, analysts and IT professionals
  • Act as a key liaison between upper-level management, programmers, risk assessment staff and auditors
  • Create and execute strategies to improve the reliability and security of IT projects
  • Define, implement and maintain corporate security policies and procedures
  • Spearhead vulnerability audits, forensic investigations and mitigation procedures
  • Respond immediately to security-related incidents and provide a thorough post-event analysis
  • Institute organization-wide training in security awareness, protocols and procedures
  • Assess, test and select new security products and technologies
  • Prepare cost estimates and identify integration issues
  • Administer department budgets and staff schedules
Qualification required
  • Must possess strong knowledge of business, information security and/or computer science
  • CISSP &/or CISA &/or other certifications are welcome
Director
Job type: Program &/or function management, cross-country scope, relationship with the business
Typical experience in role: 5-10 years
Main activities
  Information security strategy and drive governance and program execution across the organization, including security operations, cyber threat intelligence, risk mitigation, security architecture, and program management. They will be the primary liaison and change agent for all security matters associated with information technology. The Director will oversee and develop a collaborative team and supporting processes.
Qualification required
  • Technical knowledge of different types of hardware and software
  • Regulatory compliance knowledge, including HIPAA, SOX, PCI, NIST and GLBA
  • Understanding of laws concerning data acquisition, protection and transmission
  • Information Technology Infrastructure Library (ITIL), COBIT, ISO and other applicable IT management methods and toolsets
  • Standard enterprise and personal operating systems, such as Windows, Linux, Mac OS and UNIX
  • Familiarity with multiple software types at the application and enterprise levels
  • Protection systems against malware, hacking and other threats
  • Policies and procedures for secure computing
  • Risk assessment experience

CISO
Job type: Owning security strategy, ensuring its alignment to business goals, responding to the board
Typical experience in role: 10+ years
Main activities
  A CISO is the executive-level manager who directs strategy, operations and the budget for the protection of the enterprise information assets and manages that program. The scope of responsibility encompasses communications, applications and infrastructure, including the policies and procedures which apply.
Qualification required
  Successful CISOs will bring strong leadership and people management abilities. In their executive role, they must use strategic thinking to identify risks and trends and stay ahead of the threats to the environment they protect. To do this they must be able to understand multiple complex systems and technologies at a detailed level in a constantly changing threat environment. Plans and ad hoc responses must dovetail with the company strategy and budget. Excellent communication, documentation and presentation skills will speed acceptance and support for their recommendations and plans.


Base job description framework taken from:

and then amended for the needs of this research from multiple reputable job board sources.